A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Contact: mailto:security@wolt.com
Encryption: https://keybase.io/woltsecurity/pgp_keys.asc
Preferred-Languages: en
Canonical: https://wolt.com/.well-known/security.txt
Hiring: https://wolt.com/en/jobs
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.1.13
Comment: https://keybase.io/crypto
wsBcBAABCgAGBQJfMTjdAAoJEO+3bH6D6RZ7JwMH/jdjtAGN5MWw1e+qhLEXiglz
l1Bk2fyxiE60Isoctjpj+YpLXBEVZXYs90DDdV1D7lxQyUfbD+ij0EGhFAHQSdhg
Lh4lyPVmw8ykThTZlBdwFXPLHYDJrTmmA6m0Pc8H4WTAihi+7/qUc+95jLE8zEc0
u3m6jugTcZ3et1T113eEb4Tvg1cvv0Lv7gWjrwuhLpFivPsY/dXi4/GvulQpZPWK
S/zD5HwEYyZlH0p8PPIb+0rwkYbkR9omZXte1u+TVdkWMcG49v+kjds41KbJOqmu
2UhfMaVwfqc2JXRX2AdItthsgelfe0HYtS1dshvozLDiHbOErIf4hgIrs6ag3xg=
=CRGE
-----END PGP SIGNATURE-----